[FreeBSD-Announce] vBSDcon Registrations Only Open For 30 More Days!

Michael Powell nightrecon at hotmail.com
Mon Sep 23 20:29:49 UTC 2013

Brett Glass wrote:

> All:
> It's good to see corporate support of BSD, but at the same time I
> have mixed feelings about certain corporations -- Verisign among
> them -- hosting BSD-related conferences or becoming involved in the
> development of BSD-based operating systems. Why? Because Verisign,
> based in Reston, Virginia (the city next door to Vienna, VA, home
> of the NSA), has strong ties to this shadowy agency.

No. I used to work right down the street from Network Solutions (now known 
as Verisign) in Herndon. Indeed, I had job offerings from them but felt I was 
better off to stay where I was. The NSA is headquartered at Ft Meade, near 
Columbia in Maryland. I worked there for 8 years? The CIA headquarters is in 
Mclean, Virgina, which is right next door to Vienna. Reston/Herndon is a few 
miles down the Dulles Toll Rd to the west. I've been to all these places, so 
this is not some MapQuest google for me.

> The NSA, in
> turn -- as reported in documents recently leaked by Edward Snowden
> -- has a very strong interest in weakening the security of
> cryptographic algorithms, cryptographic software, and operating
> systems. We may want to look this gift horse very carefully in the
> mouth, or at least monitor very closely "contributions" of code
> that might introduce backdoors or weaknesses.

On some level I agree with this - to a point. Examine how the NSA maneuvered 
the NIST to approve and mandate the FIPS-140 protocols, where deeply 
concealed was a known weak prng. To some of us this is not news - we've 
known it for a long time. Arguments of pro vs con, good vs evil, ad 
infinitum ad nauseum, etc, are better served in a different venue.

It is so much easier to get away with concealing such things inside the 
closed-source paradigm. What I like and admire with open source is the code 
is out there in public for all to examine. These truly arcane crypto stuffs 
operate at such a high level of mathematical complexity that even very 
highly skilled cryptographer/mathematicians argue amongst themselves.

I am just not that smart, or that highly educated. There are some in the 
open source community who do have very large propellers on their beanie 
caps. I defer to them simply because they are smarter then me. I would trust 
them long before I would trust closed source. 

I agree about the 'looking the gift horse in the mouth' concept. Bear in 
mind, however, some of the guys at NIST are pretty smart too. And yet this 
FIPS-140/prng stuff went right by them. My suggestion is for FreeBSD (indeed 
open source in general) to try and engage, include, and attract to the 
community the kinds of elite mathematician who may have the facilities to 
examine the code at a higher level than can dummies like me.  

Whenever The Citadel wants the public to fixate on any one particular 
brouhaha I know they are trying to get everyone looking in a particular 
direction whilst they are pulling something else. Verisign may very well 
have some other obfuscated agenda. Take a step backwards and try to obtain 
some view of the bigger picture (hint). Will not elaborate here, even though 
I do have some crackpot ideas. 

I find it highly ironic:


I got no end of amusement from this.  Just my $ 0.02. 


More information about the freebsd-questions mailing list